André Rebentisch durchkämmt die Cloud

Posts Tagged ‘swift’

Without much awareness among the wider public, there are fresh American plans to choke an expected update of EU data protection laws. The plan uses a trade funnel torpedo and the fiction of non-tariff trade discrimination. Sure, the current policy drift towards privacy/digital rights leads to a stronger position of Europe to defend the privacy of its citizens abroad. The midterm counter-measure proposed by the Americans would be IDEA:

“We suggest that the EU and the U.S. initiate negotiations over an International Digital Economy Accord (IDEA) based on the principle of the free flow of information. … The IDEA should address market access related problems, non-tariff barriers and service regulations. The exact design and content of the IDEA must of course be the subject of negotiations between the countries that have decided to join the “coalition of the willing” negotiating this agreement.

The negotiating agenda should reflect the practical concerns and experiences of firms engaged in the cross-border digital economy. Concerns related to the information, communications and technology (ICT) sector are numerous, especially since trade in ICT goods and services support the whole economy.

What is the perceived problem?

The ability of companies to process data and deliver services internationally is under serious threat. Regulators in many countries increasingly require personal data to be maintained on servers in the home jurisdiction. It is sometimes required that offshore services be relocated to the importing country and, in the case of China, data-processing hubs are obliged to be located within the regulated markets. Moreover, users of international digital services are being challenged more and more by national regulations on issues of data management, digital rights, data privacy and the location of commercial data, with growing nationalist pressures everywhere to use local services suppliers in these areas in order to generate local jobs.

And the solution: abolish data sovereignty:

The IDEA would seek to prohibit any requirements to locate information technology (IT) infrastructure (e.g. servers) within the domestic jurisdiction as a condition of permission to process data or to provide digital services. The IDEA would also encourage international harmonization of data privacy requirements, and encourage the adoption of internationally accepted security frameworks and the use of third party auditors to reassure regulators that data is properly protected without the need for cross-border restrictions.

The agreement could take various forms. Ideally it would be an agreement that provides for a negotiating mechanism to continually update its content, since the digital-economy changes quickly.”

It makes you wonder whether they forgot the SWIFT spying scandal, where the United States had unauthorised access to highly sensitive European financial transaction data simply because mirror servers were operating in the United States.

Don’t these conditions for sharing SWIFT financial transaction data with the United States for anti-terrorism purposes sound reasonable?

On the issue of bank data transfers, Parliament argues in a resolution adopted by show of hands, that bulk data transfers infringe EU legislation. It urges the Council and Commission to “address this issue properly in the negotiations”. In addition, the new agreement should include “strict implementation and supervision safeguards, monitored by an appropriate EU-appointed authority” on the day-to-day extraction of and use by the US authorities of all such data. The maximum storage period must not exceed five years and the data may not be disclosed to third countries. [MEPs] believe that “the option offering the highest level of guarantees” would be to allow for the extraction of data to take place on EU soil, in EU or joint EU-US facilities. In the medium term, an EU judicial authority should oversee the extraction of data in the EU. Meanwhile, select EU personnel should take part in the oversight of the extraction process in the USA.

Reciprocity would require the Americans to allow EU authorities to obtain and use data stored in servers in the US.

The scandal was that EU member states had earlier agreed on a deal which didn’t meet these simple conditions, as I covered on this blog before. Parliament rejected the previous deal. US VP Biden was in Brussels yesterday and addressed the European Parliament.

The SWIFT interim agreement was rejected by the European Parliament with 378 votes to 196. Standing ovations. That is a strong message and indicates that members understood how outrageous the proposal was.

In German TV news Markus Ferber and Martin Schulz strongly criticised the American pressure, and expressed great institutional satisfaction. Martin Schulz criticised the ‘arrogance’ of the Council ministers of the interior. Alexander Alvaro expressed similar concerns before.

On the principle of proportionality: SWIFT cannot, for technical and governance reasons, search the ‘content’ of the messages, and thus cannot search data based on criteria like names, addresses and/or invoice numbers of individuals. Therefore if SWIFT were to receive a (Article 4, FMDA) request to produce data related to e.g. an individual, SWIFT will not be able to produce that specific data because of technical reasons. SWIFT could provide instead ‘data in bulk’. These messages may eventually contain the specific data (e.g. the name or the address of an individual) that the authority needs for counter terrorism purposes. So, by the very nature of SWIFT it is not possible to refer to so-called limited requests.

The above-mentioned implies that SWIFT has to transfer all, or virtually all, of its data to US Treasury. That violates the basic principles of data protection law, i.e. the principles of necessity and proportionality. This cannot be subsequently rectified by mechanisms of oversight and control.

Brusselsblogger makes a very good case why the European Parliament has to reject the SWIFT data proliferation deal this week, despite the aggressive moves from the United States diplomatic corps to keep the interim agreement. The PR machine is running at full speed: we are told how indispensable the data results were in the fight against terrorism for our domestic law enforcement purposes. While terrorism alone cannot disrupt our financial markets, the SWIFT data proliferation bears the potential to achieve that. Let me add another two aspects to the great Brusselsblogger analysis:

I. The missing larger context argument: Europe currently suffers from an unprecedented post-War financial crisis. It is founded in permissive financial market regulations and US financial stimulus in the aftermath of the very Islamic terrorist attack. The loss of financial market confidence affects European families and the financial stability of European economies such as Greece, Spain and others. Some European nations are close to national bankruptcy, some neighboring countries like Iceland passed that stage.

A rejection of the proposed SWIFT financial data proliferation agreement would send a strong message to citizens that policy makers take a more sensitive approach towards financial regulation. Given the US counter-terrorism context of the current financial crisis, it can hardly be understood that a Spanish Presidency takes a permissive approach, and that some European decision makers still believe that anti-terrorism uses of the data outweigh the malpractice and irresponsible administration of toxic data.

II. The financial bulk data could be used for US business espionage and cause devastating effects on the financial market and financial market confidence. Furthermore, the agreement is lukewarm in its permission to share such data with other nations, which may be more aware of the toxic nature of the data and seek their advantage. By all means European policy makers have to prevent a financial data crisis that undermines trust in electronic financial data transactions by opening Pandora’s box.

It is not about “privacy” of citizens as the news agencies report; that is really the minor concern. A majority of European policy makers fully agree in principle to use the data for anti-terrorism requests from law enforcement agencies (which requires careful administration and strongest safeguards).

In a conventional narrative our personal “privacy” interests would be weighed against public “security” interests of our government, which seeks to counter terrorism and other serious crimes. Some politicians and media observers think along these lines, which are on a lower level. Here the general trust in financial transaction services and our European financial transaction markets is at stake.

The new US ambassador to the European Union, William Kennard, applies a mad rhino strategy: he blackmails members of the European Parliament. The Financial Times Deutschland quoted from a letter his office sent to the group leaders:

“If the European parliament overturns the agreement, I am unsure whether Washington agencies would again decide to address this issue at EU level”

He indicates the US would negotiate a bilateral agreement instead. Of course it seems legally impossible for member states to enter bilateral agreements and member states would be reluctant to follow that path. Hillary Clinton reportedly phoned Catherine Ashton(?!) and Parliament President Jerzy Buzek. I am sure Buzek and the other members will teach them manners.

Quick notes: Today the Spanish minister is grilled over SWIFT in LIBE.

MEP Albrecht, for instance, stressed an alleged incompatibility of the prolonged agreement with the national constitutional order without getting into details; obviously he has a scrutiny process in mind. The Council statement is a “nonsequi”, another member said, and highlighted a contradiction concerning SWIFT adoption: on the one hand Parliament has to be heard, but on the other hand member states argue that Parliament's intervention may not affect the conclusion of the agreement.

All of the members seem to be pretty upset about the Council take on SWIFT. My notes on the second minister response:

The Council decided on the substance of SWIFT.

On the decision substance..

Purview of parliament

Period of change

Extending something which already exists

SWIFT is under restructuring.

Information from North American can not be given, prior

No intention whatsoever of extracting information.

2 question

30 Nov deadline legal base to maintain of that system, just extensions
under international law impossible to postpone because unilateral decision

this parliament would decide

security and data protection in particular.

in line with charter

time to get information, listen to experts, solid alternative, only intention behind.

NO decision on the substance, No change to status quo, just extension, this parliament will decide.

High-level WG set up between EU and US, soon reports.

Aware of concerns data protection

Has to be debated HERE in the chamber.

Experts telling SWIFT measures very effective in fight against terrorism.

Apparently still no one seems aware of the “business espionage” toxic mix concerning SWIFT data.

A few quick questions that come to my mind:

members of US-EU HLG?

legal base of US-EU HLG = really a “HLG” in the Com sense?

Presidency aware that SWIFT is non-governmental?

“extension” in what way?

A rapporteur is assigned for SWIFT (MEP Hennis-Plasschaert), PNR (MEP in ‘t Veld, ALDE) etc. LIBE will write to the Legal Service in a fast-track procedure on the substance of SWIFT.